## Authoritative DNS for ungleich

* Zones are stored in git

## Reload mechanism

### Constraints

* If possible, stay with the regular/upstream container
* Rebuilding causes a delay and extra work

## Git cloning inside the pod

* It's easy to write a shell script that does git pull && checkzone && reload
* Needs ssh keys or a token inside the pods

```
git clone https://nico:@gitea.default.svc.c2.k8s.ooo/nico/ungleich-k8s.git
```

### Flux/git repository

**TL;DR** This approach does not work because of shortcomings of kubectl/kustomize.

The idea:

* Flux has native support for git pulling
* In theory, k8s has everything in place
* We could generate a configmap from the DNS files (and a configuration file!)
* We can checksum that configmap (helm feature or kustomize hashing)
* A changed checksum triggers a new deployment
* We can add liveness checks

Testing config:

```
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: dns-zones
  namespace: default
spec:
  interval: 1m
  url: https://code.ungleich.ch/ungleich-intern/ungleich-dns-zones.git
  secretRef:
    name: https-credentials-dnszones
  ref:
    branch: master
---
apiVersion: v1
kind: Secret
metadata:
  name: https-credentials-dnszones
  namespace: default
type: Opaque
stringData:
  username: nico
  password: .....
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: dns-zone-kustomization
  namespace: default
spec:
  interval: 1m
  path: "./"
  prune: true
  sourceRef:
    kind: GitRepository
    name: dns-zones
```

Using:

```
kubectl apply -f gitrepo.yaml
```

**This could do everything** with the right kustomization.yaml inside the ungleich-dns-zones repository. However, there is a problem:

- `configMapGenerator` cannot use a glob / wildcard

And we have a lot of different zones below the `zones/` directory in the ungleich-dns-zones repository.

This approach, very elegant in theory, would only work with an intermediate `kustomize edit add configmap configmapname --from-file='./zones/*'` step in between.
However, even that would not work, because it includes dotfiles, as can be seen in https://github.com/kubernetes-sigs/kustomize/issues/4108
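
One way to provide that intermediate step without the glob, as an added example (not code from the ungleich repositories): a shell function, meant to run in CI or a pre-commit hook, that writes the explicit `files:` list for `configMapGenerator` and leaves dotfiles out. The ConfigMap name `dns-zones` and a flat `zones/` directory are assumptions.

```shell
#!/bin/sh
# Added example: print a kustomization.yaml that names every zone file explicitly,
# because configMapGenerator does not expand globs.
# Assumptions: zone files sit directly in <repo>/zones; "dns-zones" is a made-up name.
# Usage: gen_kustomization /path/to/repo > kustomization.yaml

gen_kustomization() {
    repo_dir=${1:-.}
    cm_name=${2:-dns-zones}

    [ -d "$repo_dir/zones" ] || { echo "no zones/ directory in $repo_dir" >&2; return 1; }

    printf 'apiVersion: kustomize.config.k8s.io/v1beta1\n'
    printf 'kind: Kustomization\n'
    printf 'configMapGenerator:\n'
    printf '  - name: %s\n' "$cm_name"
    printf '    files:\n'

    count=0
    # A plain * in sh never matches names starting with a dot,
    # so .gitignore and friends stay out of the ConfigMap.
    for f in "$repo_dir"/zones/*; do
        [ -f "$f" ] || continue     # skip subdirectories and an unmatched glob
        name=${f##*/}
        # ConfigMap keys may only contain alphanumerics, '-', '_' and '.'
        case $name in
            *[!A-Za-z0-9._-]*)
                echo "skipping '$name': not a valid ConfigMap key" >&2
                continue ;;
        esac
        printf '      - zones/%s\n' "$name"
        count=$((count + 1))
    done

    # An empty file list would produce an empty ConfigMap; treat it as an error.
    [ "$count" -gt 0 ] || { echo "no zone files found in $repo_dir/zones" >&2; return 1; }
}
```

The generated file has to be committed alongside the zones, since Flux only applies what is in the repository.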